A recent crackdown by SAP AG on companies that it considers are indirectly accessing its software without paying for it could spell trouble for some longstanding customers of the software vendor, an analyst firm said this week.

Under SAP's licensing terms, an indirect access scenario occurs when a company's employees or business partners, who are not licensed SAP users, accesses SAP software via a third-party application interface, said Dave Blake CEO of UpperEdge in Boston, Mass.

One example is where a company might capture customer orders and enter the data into a SAP system using a non-SAP application. Under a strict interpretation of SAP licensing terms, such access would require each user of the non-SAP application, to also get a named SAP user license.

In the past, SAP has preferred to turn a blind eye to such indirect access scenarios, Blake said. In situations where the issue has come up, SAP has typically issued a waiver or an exception, he said.

That has changed recently, however, based on feedback from UpprEdge's clients, Blake said. Increasingly, SAP has become much more aggressive in auditing and enforcing indirect access violations, in some cases charging enterprises millions of dollars in license and support fees.

Blake said that three of UpperEdge's clients have been asked to pay between $3 million and $6 million in additional license fees by SAP for violating the company's appropriate use licensing terms. All three companies are contesting the company's demand, he added.

Their experience should serve as a cautionary tale for all SAP customers, Blake said.

"The reason it can be challenging [for enterprises] is there is no specific definition at all in SAP's licenses agreement for the concept of indirect access," Blake said. It is a definition that company has held on to internally and used in a seemingly arbitrary fashion, he added.

The issue is an important one, especially for longstanding SAP customers, because over the years, many of them are likely to have integrated their SAP environment with multiple non-SAP applications. What is especially problematic for many of them is SAP's overly broad interpretation of what it considers indirect access, he said.

In a blog post on Tuesday, Blake pointed to several examples of what SAP might consider to be an instance of indirect access. In one, Blake noted that an employee who extracts and saves SAP data to an Excel file and then emails the Excel file to another employee, would require a SAP user license, and so would the employee who received the Excel file. Similarly, an employee requesting specific customer information from a SAP system via a Salesforce.com application would require a SAP license to access the data.

In addition, some recent changes to SAP's licensing terms now make it a requirement for companies to use only SAP processes to extract data from a SAP system to a non-SAP system, he noted.

SAP did not respond to a request for comment. So it was not immediately possible to verify the accuracy of the scenarios described by Blake, or of the claimed increased enforcement of the indirect access issue.

Frank Scavo, managing partner of the IT consulting firm Strativa, said today that he is unfamiliar with the specifics of the issues raised by Blake. But in the past, software vendors have resorted to similar tactics when they have been under financial pressure.

A company's ability to push back against vendor demands for additional license fees depends very much on where they are in the procurement cycle, Scavo said. Companies that are close to renewing their existing contracts with a vendor, or who may be thinking of buying more products from them, will be in a better position to negotiate a deal than companies that have no immediately procurement plans, Scavo said.

"I would tie forbearance from the vendor [for any outstanding software fee claims] as a pre-condition for doing additional business with that vendor" he said.

Companies that are concerned about being audited should also take a look at their contracts and understand all the definitions and terms of use. They need to take a look at their current use of SAP applications and try to get a handle on the magnitude of the issue before they are called up for non-compliance, Blake said.

Those getting into a new relationship with SAP need to read the fine print in their license agreement and make sure that they have a clear idea of their exposure to indirect access issues before they sign anything, Blake said.

"We have always seen SAP as being more relationship friendly [than other enterprise software vendors]," Blake said. "That, however, has begun changing."